Posted by Zach Taylor on 05 December 2011 06:01 AM
What is suPHP?On most Apache servers, PHP runs as an Apache module. This is the default method of installation. Many hosts have this setup because it is default and most do not realize that it is also possible to configure PHP as a CGI. Running PHP as a CGI can be more secure whilst also avoiding file and directory ownership issues.
suPHP provides the facility to have all scripts run under the relevant user account instead of under the webserver's account, usually the unprivileged 'nobody' user. This facility allows the Server Administrators to isolate and manage malicious or runaway script usage very quickly, avoiding unwanted or un-authorized scripts from running for a lengthy period of time. PacificHost uses suPHP on all hosting services by default. Dedicated/VPS clients have the option of removing suPHP if they choose to.
What does suPHP Do?With non-suPHP configurations, PHP runs as an Apache Module. It executes as the user and group of the webserver which is usually "nobody", "httpd" or "apache". Under this mode, files or directories that you require your php scripts to be able to write to need 777 permissions (read/write/execute at user/group/world level). This is not very secure because it allows the webserver to write to the file, it also allows anyone else to read or write to the file.
Under suPHP configurations, PHP scripts now execute under your own user/group level. Files or directories that you require your php scripts to be able to write to no longer need to have 777 permissions. In fact, 777 permissions are no longer allowed, having 777 permissions on your scripts or the directories they reside in will not run and will instead cause a "500 Internal Server error" when attempting to execute them. This is done to protect you from someone abusing your scripts. Your scripts and directories can now only have a maximum of 755 permissions (read/write/execute by you, read/execute by everyone else).
My script requires 777So what about php scripts that say they require 777 permissions on some of their directory or files to work, such as a Joomla!, Forums, photo galleries and alike? Due to the transparent nature of suPHP this is solved very simply, any directories stated as requiring to be "writable" or "777" can safely be set to 755 (the maximum) instead. This is because, now that the web server runs under your own user account, only your own user account needs full write and execute permissions.
Under the old Apache Module mode, it was possible to manipulate the PHP settings from within a ".htaccess" file placed in the script's top-level directory, this was also recursively applied to all other directories below it.
For example you could turn on the php setting "magic_quotes_gpc" with this line in .htaccess:
php_value magic_quotes_gpc on
When PHP is running as a CGI under suPHP, manipulating the PHP settings is still possible however you can no longer make use of a ".htaccess" file. Using .htaccess with the required PHP prefix of "php_value" will cause a "500 Internal Server Error" when attempting to access the scripts. This is due to PHP no longer running as an Apache module, thus Apache is unable to handle those directives any longer.
Noting that PacificHost uses suPHP, ALL php values should be removed from your .htaccess files to avoid the 500 Internal Server Error. Instead, you will now be creating and using your own "Local php.ini" file to manipulate the desired php settings.
What is a php.ini file?The php.ini file is a configuration file that the server looks at to see what PHP options have been made available to the server, or what their settings are, if different from the server's default php.ini. While the name may seem advanced to those unfamiliar with it, it is in essence a simple text file with the name php.ini
How to create a php.ini file
In order to use a custom PHP.INI file, please submit a Support Ticket, and specify the value that needs to be changed, and we'll set it up for you.
My php script doesn't work or I have an error message.